Partitioning Aggregation

With IdentityIQ version 8.1 Patch 4, 8.2, or 8.0p5, auto partitioning can be performed by going to Configuration > Settings > Account and selecting the Allow Auto Partitioning checkbox. For more information, refer to Account and Group Settings.

Configuring partitions manually

The Active Directory connector supports the Partitioning Aggregation feature to enable faster retrieval of Active Directory data.

In the Active Directory connector, data can be partitioned by specifying a searchDN and/or a searchFilter as a partition entry. The connector's partition entries are the searchDNs list in the application configuration, with each entry of the list treated as a single partition.

Typically, for a container-based partitioning of data, define the searchDNs or partition list as follows:

<!-- Container-based partitioning: one partition per OU, same filter in each -->
<entry key="searchDNs">
  <value>
    <List>
      <Map>
        <entry key="searchDN" value="ou=test1,DC=test,DC=sailpoint,DC=com"/>
        <entry key="iterateSearchFilter" value="(&amp;(objectclass=user) )"/>
        <entry key="searchScope" value="SUBTREE"/>
      </Map>
      <Map>
        <entry key="searchDN" value="ou=test2,DC=test,DC=sailpoint,DC=com"/>
        <entry key="iterateSearchFilter" value="(&amp;(objectclass=user) )"/>
        <entry key="searchScope" value="SUBTREE"/>
      </Map>
    </List>
  </value>
</entry>

For filter-based partitioning, define the searchDNs list or partition list as follows:

<!-- Filter-based partitioning: same searchDN, a different filter in each partition -->
<entry key="searchDNs">
  <value>
    <List>
      <Map>
        <entry key="searchDN" value="DC=test,DC=sailpoint,DC=com"/>
        <entry key="iterateSearchFilter" value="(&amp;(objectclass=user)(sn=a*))"/>
        <entry key="searchScope" value="SUBTREE"/>
      </Map>
      <Map>
        <entry key="searchDN" value="DC=test,DC=sailpoint,DC=com"/>
        <entry key="iterateSearchFilter" value="(&amp;(objectclass=user) (sn=b*))"/>
        <entry key="searchScope" value="SUBTREE"/>
      </Map>
    </List>
  </value>
</entry>

In the first example, the OUs on which the search is performed are different, although the iterateSearchFilter is the same. In the second example, the OUs are the same, but the iterateSearchFilter values are different. Since the required keys are the same in both, you can combine the entries from both examples in the application configuration of a single Active Directory connector application. The Active Directory connector combines the searchDN value and the iterateSearchFilter value and treats the pair as the partition context, so no additional configuration is required.

Note

Each of the partitions specified must be unique by way of the searchDN value or the iterateSearchFilter value. If not, the first partition is aggregated and the subsequent duplicate ones are skipped.

When there is no defined partition list, the aggregation executes over the baseDN and the iterateSearchFilter only, even though the task definition has partitioning enabled. Similarly, when a partition list is defined but partitioning is not enabled on the task definition, IdentityIQ retrieves data from each searchDN entry in a sequential manner.
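Because duplicate partitions are skipped rather than rejected, it helps to check a searchDNs list for repeated partition contexts before saving it. The following is an added example, not SailPoint code: the function names and sample list are constructed here, and the normalization (case-insensitive DNs, whitespace ignored in the filter) is an assumption about how duplicates should be judged, not documented connector behavior.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the page's container-based and filter-based partitions
# in one list, plus a deliberate duplicate of the first partition (last Map).
SAMPLE = """
<entry key="searchDNs">
  <value>
    <List>
      <Map>
        <entry key="searchDN" value="ou=test1,DC=test,DC=sailpoint,DC=com"/>
        <entry key="iterateSearchFilter" value="(&amp;(objectclass=user))"/>
      </Map>
      <Map>
        <entry key="searchDN" value="DC=test,DC=sailpoint,DC=com"/>
        <entry key="iterateSearchFilter" value="(&amp;(objectclass=user)(sn=a*))"/>
      </Map>
      <Map>
        <entry key="searchDN" value="DC=test,DC=sailpoint,DC=com"/>
        <entry key="iterateSearchFilter" value="(&amp;(objectclass=user)(sn=b*))"/>
      </Map>
      <Map>
        <entry key="searchDN" value="OU=Test1,DC=test,DC=sailpoint,DC=com"/>
        <entry key="iterateSearchFilter" value="(&amp;(objectclass=user) )"/>
      </Map>
    </List>
  </value>
</entry>
"""

def partition_context(map_el):
    """Return the (searchDN, iterateSearchFilter) pair, normalized for comparison."""
    kv = {e.get("key"): e.get("value", "") for e in map_el.findall("entry")}
    # Assumption: DNs compare case-insensitively; filter whitespace is insignificant.
    dn = ",".join(p.strip().lower() for p in kv.get("searchDN", "").split(","))
    flt = "".join(kv.get("iterateSearchFilter", "").split()).lower()
    return dn, flt

def find_duplicate_partitions(xml_text):
    """Map each repeated partition context to the 1-based positions where it occurs."""
    seen = defaultdict(list)
    maps = ET.fromstring(xml_text).findall("./value/List/Map")
    for pos, map_el in enumerate(maps, start=1):
        seen[partition_context(map_el)].append(pos)
    return {ctx: idx for ctx, idx in seen.items() if len(idx) > 1}

if __name__ == "__main__":
    for (dn, flt), idx in find_duplicate_partitions(SAMPLE).items():
        print(f"partition {idx[0]} aggregated; {idx[1:]} would be skipped: {dn} {flt}")
```

Run it against the searchDNs entry exported from the application definition; any reported context marks partitions whose accounts would come only from the first occurrence.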